Authy app-based verification

This article explains how to set up two-step verification using Authy application.

Requirements

Twilio account

Create a Twilio account if you do not have one.
- Create Twilio project account
- Upgrade Twilio project account

Note, Authy app-based application is a paid service from Twilio. Check Authy Pricing page.

Create Authy application

Navigate to the Authy Applications page in the Twilio Console.

If you do not have Authy application yet, then click the Get Started button to create one.

Get Started Button

The Build With Authy page is displayed.

You need to complete at least the first two steps:

Verify a phone number
Create an application and get your API credentials.

Click the Verify Phone Number button.

Verify Number

Next, specify the country and the phone number. Click the Text me button.

Text Me Button

Check text messages on your phone. You should get the Twilio code. Enter the code into the Verification code field and click the Verify button.

Enter Verification Code

When you enter the correct code, then you will see a message about the successful verification of the phone number. Click the Return to Console button.

Return To Console

A browser page will be returned to the Build With Authy page. Once you confirm your phone number, the next step is to create an Authy application if you do not already have one created. Specify the name for new Authy application and click the Create Application button.

Create Application Button

The new Authy application is created.

New Authy Application

Navigate to the Authy Applications page, locate the newly created Authy application and click its name.

Authy Applications Page

In the Overview page, click the Settings link.

Overview Page

Locate Production API Key on the General Settings page. Click the Eye pictogram in order to view the API Key. Copy it. This API Key is required in the next steps.

General Settings Page

Setup Authy app-based verification

The Authy app-based verification settings page is available from the Admin Console.

In MiaRec Web portal, go to Administration > User Authentication > 2-Step Verification page.

MiaRec Verification Page

Click the Configure link for the Authy app-based verification setting.

Configure Link

Set Enable checkbox.
Specify Authy API Key which was taken from the previous step.
Change a default Authy Message if desired. This message will be shown to users in Authy application.
Configure Status Callback as desired. See below for information.
Press Save button.

[Optional] Enable Status Callback

If the Status Callback is Disabled, then MiaRec Web portal will be polling for Authy Push Authentication requests status.

If the Status Callback is Enabled, then the Authy Webhooks API will be used to notify MiaRec Web portal of the status of the Push Authentication request.

In this case, you need to configure Webhook URL in Authy Application Push Authentication settings page. Your MiaRec Web portal must be accessible from the Internet for this use case.

First, you need to locate the proper callback URL. In MiaRec Web portal, go to Administration > User Authentication > 2-Step Verification page. Find the Callback URL under Authy app-based verification section.

Authy app-based verification section

If your Web portal URL is not configured yet, click the Change Web portal URL link to edit the Web portal URL. Remember or copy Callback URL

In Twilio Console, navigate to the Authy Application Settings page. Click the Push Authentication link to open the required settings page.

Push Authentication

Put the Callback URL into the ENDPOINT/URL field. Leave the method equals to “HTTP POST”. Click the Save button.

Test connection

In MiaRec Web portal go to Administration > User Authentication > 2-Step Verification page.

Click the Test connection link.

Test Connection

Authy app-based verification form is opened.

Authy Verification Form

Specify your country code, phone number, and email. You should have Authy Application set up on your device. Specified phone number should be turned into Authy secure account.
Click the Test connection button.

Test Connection Button

The two alerts should appear on the top of the form. One is about successful sending request (“Authy request is sent successfully to your device”). The other is about awaiting for an approval (“Waiting for an approval. Please approve on your device”).

You should receive an Authy Push Authentication request on your device. Click the Approve button on it.

When the authentication request is approved the second alert should replace with “Auhy request is approved successfully on your device”, signaling that it works.

Alert Replaced